The 3-D Secure process is being further developed

Selling reliably on the Web

The new EU Payment Services Directive PSD2 is coming. Here you will find the most important information at a glance:

The 3-D Secure procedure makes online shopping even more secure.

The 3-D Secure Protocol, also known as 3DS, is a worldwide standard and was developed to offer consumers and merchants even more security when authenticating credit card transactions. In online shopping, buyers must authenticate themselves vis-à-vis their bank as legitimate cardholders. In order to complete the order process, 3-D Secure requires, among other things, a code that must be entered. Should fraud nevertheless occur, the Bank shall be liable. For this very secure payment procedure to be processed, both the bank from which the buyer has his credit card and the respective online shop must support 3-D Secure.

What advantages does 3-D Secure 2.x have for the merchant?

In the payment process, additional authentication is now frequently dispensed with (frictionless flow) and replaced by risk-based decisions. This results in fewer payment cancellations, which increases the conversion rate.

3-D Secure 2.x – this is new:

The well-known 3-D Secure protocol has been further developed and now offers faster transmission of security data to card-issuing banks. Until now, the code query was handled statically. Now there is a risk analysis that runs in real time. Depending on which transaction data is transmitted, additional security queries may be required in individual cases. Exactly for this purpose, special software is used to calculate how high the respective risk of fraud is. If the software classifies a purchase as low-risk, the transaction is processed immediately. Otherwise, the buyer must additionally confirm his identity. This applies to about 5 % of all credit card transactions.

That's why 3-D Secure 2.x is coming

The mandatory SCA requirements are designed to make transactions even more secure, both for the buyer and for the merchant. Known weaknesses will be remedied by the new procedure and comply with the new legislation, which comes into force on September 14, 2019 and regulates electronic payments.

By when does a conversion to 3DS 2.x have to take place?

The deadline for the changeover to the new safety procedure is September 14, 2019. Perhaps you have heard in the media that there is a discussion about a postponement of SCA for Germany. However, the European Banking Authority confirms that the legislation and the requirement for SCA will enter into force on that date. Nevertheless, it is promised that applications for individual extensions will be granted. Although it cannot be ruled out that there may be a postponement, we recommend all our customers to prepare for the deadline regardless of this.

As a merchant, you have two options for meeting the SCA legal requirement:

  • Activation of 3DS 1.0, if you have not yet used this standard:
    Please inform us by e-mail to about the desired activation of 3DS 1.0 and indicate the EVO contractor ID of your agreement as well as the client number. The activation will then be performed at short notice and free of charge for you. All other conditions remain unchanged.
  • Activation of 3DS 2.x: We will be approaching you shortly.

Implementing 3DS 2.x requires a number of activities, including:

  1.  the update of your shop plugin, if one is in use
  2. if you do not use a shop plug-in, the update of your interface to capture additional data ele-ments that need to be transferred to the card issuer for risk analysis.

EVO Payments  will approach partners and customers early as soon as there is a need for action.

All nessecary information about 3-D Secure 2.x in one document:

Download Information brochure about 3DS 2.x


How does strong customer authentication work?

Strong customer authentication secures electronic payment transactions. At least two of the following three elements must be authenticated:


This includes the PIN, a password and personal security questions, the answers to which are known only to the customer.


These are items in the exclusive possession of the customer, such as smartphone, token, Smart Watch, etc..


Here it concerns unique factors of the customer-like biometric characteristics, voice, behavior pattern, face ID, etc.